diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/BUILD b/src/main/java/com/google/devtools/build/lib/authandtls/BUILD index 23d2909923954d..906cd254e50fb6 100644 --- a/src/main/java/com/google/devtools/build/lib/authandtls/BUILD +++ b/src/main/java/com/google/devtools/build/lib/authandtls/BUILD @@ -15,6 +15,8 @@ java_library( srcs = glob(["*.java"]), deps = [ "//src/main/java/com/google/devtools/build/lib/concurrent", + "//src/main/java/com/google/devtools/build/lib/events", + "//src/main/java/com/google/devtools/build/lib/vfs", "//src/main/java/com/google/devtools/common/options", "//third_party:auth", "//third_party:auto_value", diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java index 8600e7e56ca74b..9e55143ac88aab 100644 --- a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java +++ b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java @@ -19,6 +19,8 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; import com.google.common.base.Strings; +import com.google.devtools.build.lib.vfs.FileSystem; +import com.google.devtools.build.lib.vfs.Path; import io.grpc.CallCredentials; import io.grpc.ClientInterceptor; import io.grpc.ManagedChannel; @@ -41,6 +43,8 @@ import java.io.IOException; import java.io.InputStream; import java.util.List; +import java.util.Map; +import java.util.Optional; import java.util.concurrent.Executor; import java.util.concurrent.TimeUnit; import javax.annotation.Nullable; @@ -191,7 +195,20 @@ private static NettyChannelBuilder newNettyChannelBuilder(String targetUrl, Stri * @throws IOException in case the call credentials can't be constructed. */ @Nullable - public static CallCredentials newCallCredentials(AuthAndTLSOptions options) throws IOException { + public static CallCredentials newCallCredentials( + Map clientEnv, + FileSystem fileSystem, + AuthAndTLSOptions options) throws IOException { + Credentials creds = newCredentials(clientEnv, fileSystem, options); + if (creds != null) { + return MoreCallCredentials.from(creds); + } + return null; + } + + @Nullable + @VisibleForTesting + public static CallCredentials newCallCredentialsForTesting(AuthAndTLSOptions options) throws IOException { Credentials creds = newCredentials(options); if (creds != null) { return MoreCallCredentials.from(creds); @@ -217,12 +234,46 @@ public static CallCredentialsProvider newCallCredentialsProvider(@Nullable Crede */ @Nullable public static Credentials newCredentials(@Nullable AuthAndTLSOptions options) throws IOException { + Optional credentials = newGoogleCredentials(options); + + return credentials.orElse(null); + } + + /** + * Create a new {@link Credentials} with following order: + * + *
    + *
  1. If authentication enabled by flags, use it to create credentials + *
  2. Use .netrc to provide credentials if exists + *
  3. Otherwise, return {@code null} + *
+ * + * @throws IOException in case the credentials can't be constructed. + */ + @VisibleForTesting + public static Credentials newCredentials( + Map clientEnv, + FileSystem fileSystem, + AuthAndTLSOptions authAndTlsOptions) + throws IOException { + Optional credentials = newGoogleCredentials(authAndTlsOptions); + + if (credentials.isEmpty()) { + // Fallback to .netrc if it exists. + credentials = newCredentialsFromNetrc(clientEnv, fileSystem); + } + + return credentials.orElse(null); + } + + private static Optional newGoogleCredentials( + @Nullable AuthAndTLSOptions options) throws IOException { if (options == null) { - return null; + return Optional.empty(); } else if (options.googleCredentials != null) { // Credentials from file try (InputStream authFile = new FileInputStream(options.googleCredentials)) { - return newCredentials(authFile, options.googleAuthScopes); + return Optional.of(newGoogleCredentials(authFile, options.googleAuthScopes)); } catch (FileNotFoundException e) { String message = String.format( @@ -231,10 +282,10 @@ public static Credentials newCredentials(@Nullable AuthAndTLSOptions options) th throw new IOException(message, e); } } else if (options.useGoogleDefaultCredentials) { - return newCredentials( - null /* Google Application Default Credentials */, options.googleAuthScopes); + return Optional.of(newGoogleCredentials( + null /* Google Application Default Credentials */, options.googleAuthScopes)); } - return null; + return Optional.empty(); } /** @@ -243,7 +294,7 @@ public static Credentials newCredentials(@Nullable AuthAndTLSOptions options) th * @throws IOException in case the credentials can't be constructed. */ @VisibleForTesting - public static Credentials newCredentials( + public static Credentials newGoogleCredentials( @Nullable InputStream credentialsFile, List authScopes) throws IOException { try { GoogleCredentials creds = @@ -259,4 +310,43 @@ public static Credentials newCredentials( throw new IOException(message, e); } } + + /** + * Create a new {@link Credentials} object by parsing the .netrc file with following order to + * search it: + * + *
    + *
  1. If environment variable $NETRC exists, use it as the path to the .netrc file + *
  2. Fallback to $HOME/.netrc + *
+ * + * @return the {@link Credentials} object or {@code null} if there is no .netrc file. + * @throws IOException in case the credentials can't be constructed. + */ + @VisibleForTesting + static Optional newCredentialsFromNetrc(Map clientEnv, FileSystem fileSystem) + throws IOException { + Optional netrcFileString = + Optional.ofNullable(clientEnv.get("NETRC")) + .or( + () -> + Optional.ofNullable(clientEnv.get("HOME")) + .map(home -> home + "/.netrc")); + if (netrcFileString.isEmpty()) { + return Optional.empty(); + } + + Path netrcFile = fileSystem.getPath(netrcFileString.get()); + if (!netrcFile.exists()) { + return Optional.empty(); + } + + try { + Netrc netrc = NetrcParser.parseAndClose(netrcFile.getInputStream()); + return Optional.of(new NetrcCredentials(netrc)); + } catch (IOException e) { + throw new IOException( + "Failed to parse " + netrcFile.getPathString() + ": " + e.getMessage(), e); + } + } } diff --git a/src/main/java/com/google/devtools/build/lib/buildeventservice/BazelBuildEventServiceModule.java b/src/main/java/com/google/devtools/build/lib/buildeventservice/BazelBuildEventServiceModule.java index 283c2a25bdcdc3..beb54b6b5301f3 100644 --- a/src/main/java/com/google/devtools/build/lib/buildeventservice/BazelBuildEventServiceModule.java +++ b/src/main/java/com/google/devtools/build/lib/buildeventservice/BazelBuildEventServiceModule.java @@ -24,6 +24,7 @@ import com.google.devtools.build.lib.authandtls.GoogleAuthUtils; import com.google.devtools.build.lib.buildeventservice.client.BuildEventServiceClient; import com.google.devtools.build.lib.buildeventservice.client.BuildEventServiceGrpcClient; +import com.google.devtools.build.lib.runtime.CommandEnvironment; import io.grpc.ClientInterceptor; import io.grpc.ManagedChannel; import io.grpc.Metadata; @@ -70,7 +71,7 @@ protected Class optionsClass() { @Override protected BuildEventServiceClient getBesClient( - BuildEventServiceOptions besOptions, AuthAndTLSOptions authAndTLSOptions) throws IOException { + CommandEnvironment env, BuildEventServiceOptions besOptions, AuthAndTLSOptions authAndTLSOptions) throws IOException { BackendConfig newConfig = BackendConfig.create(besOptions, authAndTLSOptions); if (client == null || !Objects.equals(config, newConfig)) { clearBesClient(); @@ -78,7 +79,8 @@ protected BuildEventServiceClient getBesClient( client = new BuildEventServiceGrpcClient( newGrpcChannel(config), - GoogleAuthUtils.newCallCredentials(config.authAndTLSOptions()), + GoogleAuthUtils.newCallCredentials( + env.getClientEnv(), env.getRuntime().getFileSystem(), config.authAndTLSOptions()), makeGrpcInterceptor(config)); } return client; diff --git a/src/main/java/com/google/devtools/build/lib/buildeventservice/BuildEventServiceModule.java b/src/main/java/com/google/devtools/build/lib/buildeventservice/BuildEventServiceModule.java index 4f12b169e6fbcc..869b12e2a2e1bd 100644 --- a/src/main/java/com/google/devtools/build/lib/buildeventservice/BuildEventServiceModule.java +++ b/src/main/java/com/google/devtools/build/lib/buildeventservice/BuildEventServiceModule.java @@ -699,7 +699,7 @@ private BuildEventServiceTransport createBesTransport( final BuildEventServiceClient besClient; try { - besClient = getBesClient(besOptions, authTlsOptions); + besClient = getBesClient(cmdEnv, besOptions, authTlsOptions); } catch (IOException | OptionsParsingException e) { reportError( reporter, @@ -845,7 +845,7 @@ private static AbruptExitException createAbruptExitException( protected abstract Class optionsClass(); protected abstract BuildEventServiceClient getBesClient( - OptionsT besOptions, AuthAndTLSOptions authAndTLSOptions) + CommandEnvironment env, OptionsT besOptions, AuthAndTLSOptions authAndTLSOptions) throws IOException, OptionsParsingException; protected abstract void clearBesClient(); diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java index 2f219457a2d712..a09f8c5c6839f3 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java +++ b/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java @@ -49,9 +49,6 @@ import com.google.devtools.build.lib.authandtls.AuthAndTLSOptions.UnresolvedScopedCredentialHelper; import com.google.devtools.build.lib.authandtls.CallCredentialsProvider; import com.google.devtools.build.lib.authandtls.GoogleAuthUtils; -import com.google.devtools.build.lib.authandtls.Netrc; -import com.google.devtools.build.lib.authandtls.NetrcCredentials; -import com.google.devtools.build.lib.authandtls.NetrcParser; import com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperEnvironment; import com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperProvider; import com.google.devtools.build.lib.bazel.repository.downloader.Downloader; @@ -1047,95 +1044,6 @@ RemoteActionContextProvider getActionContextProvider() { return actionContextProvider; } - /** - * Create a new {@link Credentials} object by parsing the .netrc file with following order to - * search it: - * - *
    - *
  1. If environment variable $NETRC exists, use it as the path to the .netrc file - *
  2. Fallback to $HOME/.netrc - *
- * - * @return the {@link Credentials} object or {@code null} if there is no .netrc file. - * @throws IOException in case the credentials can't be constructed. - */ - @Nullable - @VisibleForTesting - static Credentials newCredentialsFromNetrc(Map clientEnv, FileSystem fileSystem) - throws IOException { - String netrcFileString = - Optional.ofNullable(clientEnv.get("NETRC")) - .orElseGet( - () -> - Optional.ofNullable(clientEnv.get("HOME")) - .map(home -> home + "/.netrc") - .orElse(null)); - if (netrcFileString == null) { - return null; - } - - Path netrcFile = fileSystem.getPath(netrcFileString); - if (netrcFile.exists()) { - try { - Netrc netrc = NetrcParser.parseAndClose(netrcFile.getInputStream()); - return new NetrcCredentials(netrc); - } catch (IOException e) { - throw new IOException( - "Failed to parse " + netrcFile.getPathString() + ": " + e.getMessage(), e); - } - } else { - return null; - } - } - - /** - * Create a new {@link Credentials} with following order: - * - *
    - *
  1. If authentication enabled by flags, use it to create credentials - *
  2. Use .netrc to provide credentials if exists - *
  3. Otherwise, return {@code null} - *
- * - * @throws IOException in case the credentials can't be constructed. - */ - @VisibleForTesting - static Credentials newCredentials( - Map clientEnv, - FileSystem fileSystem, - Reporter reporter, - AuthAndTLSOptions authAndTlsOptions, - RemoteOptions remoteOptions) - throws IOException { - Credentials creds = GoogleAuthUtils.newCredentials(authAndTlsOptions); - - // Fallback to .netrc if it exists - if (creds == null) { - try { - creds = newCredentialsFromNetrc(clientEnv, fileSystem); - } catch (IOException e) { - reporter.handle(Event.warn(e.getMessage())); - } - - try { - if (creds != null - && remoteOptions.remoteCache != null - && Ascii.toLowerCase(remoteOptions.remoteCache).startsWith("http://") - && !creds.getRequestMetadata(new URI(remoteOptions.remoteCache)).isEmpty()) { - reporter.handle( - Event.warn( - "Username and password from .netrc is transmitted in plaintext to " - + remoteOptions.remoteCache - + ". Please consider using an HTTPS endpoint.")); - } - } catch (URISyntaxException e) { - throw new IOException(e.getMessage(), e); - } - } - - return creds; - } - @VisibleForTesting static CredentialHelperProvider newCredentialHelperProvider( CredentialHelperEnvironment environment, @@ -1159,6 +1067,33 @@ static CredentialHelperProvider newCredentialHelperProvider( return builder.build(); } + static Credentials newCredentials( + Map clientEnv, + FileSystem fileSystem, + Reporter reporter, + AuthAndTLSOptions authAndTlsOptions, + RemoteOptions remoteOptions) throws IOException { + Credentials credentials = GoogleAuthUtils.newCredentials(clientEnv, fileSystem, authAndTlsOptions); + + try { + if (credentials != null + && remoteOptions.remoteCache != null + && Ascii.toLowerCase(remoteOptions.remoteCache).startsWith("http://") + && !credentials.getRequestMetadata(new URI(remoteOptions.remoteCache)).isEmpty()) { + // TODO(yannic): Make this a error aborting the build. + reporter.handle( + Event.warn( + "Credentials are transmitted in plaintext to " + + remoteOptions.remoteCache + + ". Please consider using an HTTPS endpoint.")); + } + } catch (URISyntaxException e) { + throw new IOException(e.getMessage(), e); + } + + return credentials; + } + @VisibleForTesting @AutoValue abstract static class ScopedCredentialHelper { diff --git a/src/test/java/com/google/devtools/build/lib/authandtls/BUILD b/src/test/java/com/google/devtools/build/lib/authandtls/BUILD index 90634ffd83f0b4..b5fc69c0791da9 100644 --- a/src/test/java/com/google/devtools/build/lib/authandtls/BUILD +++ b/src/test/java/com/google/devtools/build/lib/authandtls/BUILD @@ -25,7 +25,11 @@ java_library( ), deps = [ "//src/main/java/com/google/devtools/build/lib/authandtls", + "//src/main/java/com/google/devtools/build/lib/vfs", + "//src/main/java/com/google/devtools/build/lib/vfs/inmemoryfs", "//src/main/java/com/google/devtools/common/options", + "//src/test/java/com/google/devtools/build/lib/testutil", + "//third_party:auth_checked_in", "//third_party:guava", "//third_party:junit4", "//third_party:truth", diff --git a/src/test/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtilsTest.java b/src/test/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtilsTest.java new file mode 100644 index 00000000000000..fabef34edadcf8 --- /dev/null +++ b/src/test/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtilsTest.java @@ -0,0 +1,95 @@ +package com.google.devtools.build.lib.authandtls; + +import static com.google.common.truth.Truth8.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; + +import com.google.auth.Credentials; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.Iterables; +import com.google.common.truth.Truth; +import com.google.devtools.build.lib.testutil.Scratch; +import com.google.devtools.build.lib.vfs.DigestHashFunction; +import com.google.devtools.build.lib.vfs.FileSystem; +import com.google.devtools.build.lib.vfs.inmemoryfs.InMemoryFileSystem; +import java.net.URI; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public class GoogleAuthUtilsTest { + @Test + public void testNetrc_emptyEnv_shouldIgnore() throws Exception { + Map clientEnv = ImmutableMap.of(); + FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); + + assertThat(GoogleAuthUtils.newCredentialsFromNetrc(clientEnv, fileSystem)).isEmpty(); + } + + @Test + public void testNetrc_netrcNotExist_shouldIgnore() throws Exception { + String home = "/home/foo"; + Map clientEnv = ImmutableMap.of("HOME", home); + FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); + + assertThat(GoogleAuthUtils.newCredentialsFromNetrc(clientEnv, fileSystem)).isEmpty(); + } + + @Test + public void testNetrc_netrcExist_shouldUse() throws Exception { + String home = "/home/foo"; + Map clientEnv = ImmutableMap.of("HOME", home); + FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); + Scratch scratch = new Scratch(fileSystem); + scratch.file(home + "/.netrc", "machine foo.example.org login foouser password foopass"); + + Optional credentials = GoogleAuthUtils.newCredentialsFromNetrc(clientEnv, fileSystem); + + assertThat(credentials).isPresent(); + assertRequestMetadata( + credentials.get().getRequestMetadata(URI.create("https://foo.example.org")), + "foouser", + "foopass"); + } + + @Test + public void testNetrc_netrcFromNetrcEnvExist_shouldUse() throws Exception { + String home = "/home/foo"; + String netrc = "/.netrc"; + Map clientEnv = ImmutableMap.of("HOME", home, "NETRC", netrc); + FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); + Scratch scratch = new Scratch(fileSystem); + scratch.file(home + "/.netrc", "machine foo.example.org login foouser password foopass"); + scratch.file(netrc, "machine foo.example.org login baruser password barpass"); + + Optional credentials = GoogleAuthUtils.newCredentialsFromNetrc(clientEnv, fileSystem); + + assertThat(credentials).isPresent(); + assertRequestMetadata( + credentials.get().getRequestMetadata(URI.create("https://foo.example.org")), + "baruser", + "barpass"); + } + + @Test + public void testNetrc_netrcFromNetrcEnvNotExist_shouldIgnore() throws Exception { + String home = "/home/foo"; + String netrc = "/.netrc"; + Map clientEnv = ImmutableMap.of("HOME", home, "NETRC", netrc); + FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); + Scratch scratch = new Scratch(fileSystem); + scratch.file(home + "/.netrc", "machine foo.example.org login foouser password foopass"); + + assertThat(GoogleAuthUtils.newCredentialsFromNetrc(clientEnv, fileSystem)).isEmpty(); + } + + private static void assertRequestMetadata( + Map> requestMetadata, String username, String password) { + Truth.assertThat(requestMetadata.keySet()).containsExactly("Authorization"); + Truth.assertThat(Iterables.getOnlyElement(requestMetadata.values())) + .containsExactly(BasicHttpAuthenticationEncoder.encode(username, password, UTF_8)); + } +} diff --git a/src/test/java/com/google/devtools/build/lib/remote/BUILD b/src/test/java/com/google/devtools/build/lib/remote/BUILD index 0102233157caee..7a7e06d842e8e7 100644 --- a/src/test/java/com/google/devtools/build/lib/remote/BUILD +++ b/src/test/java/com/google/devtools/build/lib/remote/BUILD @@ -44,17 +44,14 @@ java_test( "//src/main/java/com/google/devtools/build/lib:runtime", "//src/main/java/com/google/devtools/build/lib/actions", "//src/main/java/com/google/devtools/build/lib/actions:action_input_helper", - "//src/main/java/com/google/devtools/build/lib/actions:action_lookup_data", "//src/main/java/com/google/devtools/build/lib/actions:artifacts", "//src/main/java/com/google/devtools/build/lib/actions:execution_requirements", "//src/main/java/com/google/devtools/build/lib/actions:file_metadata", "//src/main/java/com/google/devtools/build/lib/actions:localhost_capacity", "//src/main/java/com/google/devtools/build/lib/analysis:blaze_directories", "//src/main/java/com/google/devtools/build/lib/analysis:blaze_version_info", - "//src/main/java/com/google/devtools/build/lib/analysis:config/build_options", "//src/main/java/com/google/devtools/build/lib/analysis:config/core_options", "//src/main/java/com/google/devtools/build/lib/analysis:server_directories", - "//src/main/java/com/google/devtools/build/lib/analysis/platform:platform_utils", "//src/main/java/com/google/devtools/build/lib/authandtls", "//src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper", "//src/main/java/com/google/devtools/build/lib/buildeventstream", @@ -80,7 +77,6 @@ java_test( "//src/main/java/com/google/devtools/build/lib/remote/util", "//src/main/java/com/google/devtools/build/lib/runtime/commands", "//src/main/java/com/google/devtools/build/lib/skyframe:tree_artifact_value", - "//src/main/java/com/google/devtools/build/lib/util", "//src/main/java/com/google/devtools/build/lib/util:abrupt_exit_exception", "//src/main/java/com/google/devtools/build/lib/util:exit_code", "//src/main/java/com/google/devtools/build/lib/util/io", @@ -96,7 +92,6 @@ java_test( "//src/test/java/com/google/devtools/build/lib/exec/util", "//src/test/java/com/google/devtools/build/lib/remote/util", "//src/test/java/com/google/devtools/build/lib/testutil", - "//src/test/java/com/google/devtools/build/lib/testutil:JunitUtils", "//src/test/java/com/google/devtools/build/lib/testutil:TestUtils", "//third_party:api_client", "//third_party:auth", diff --git a/src/test/java/com/google/devtools/build/lib/remote/GrpcCacheClientTestBase.java b/src/test/java/com/google/devtools/build/lib/remote/GrpcCacheClientTestBase.java index 97a564b6ec2db0..d6b02b5554b541 100644 --- a/src/test/java/com/google/devtools/build/lib/remote/GrpcCacheClientTestBase.java +++ b/src/test/java/com/google/devtools/build/lib/remote/GrpcCacheClientTestBase.java @@ -141,7 +141,7 @@ protected GrpcCacheClient newClient( try (InputStream in = scratch.resolve(authTlsOptions.googleCredentials).getInputStream()) { callCredentialsProvider = GoogleAuthUtils.newCallCredentialsProvider( - GoogleAuthUtils.newCredentials(in, authTlsOptions.googleAuthScopes)); + GoogleAuthUtils.newGoogleCredentials(in, authTlsOptions.googleAuthScopes)); } CallCredentials creds = callCredentialsProvider.getCallCredentials(); diff --git a/src/test/java/com/google/devtools/build/lib/remote/RemoteModuleTest.java b/src/test/java/com/google/devtools/build/lib/remote/RemoteModuleTest.java index e15cdf3ecbe2c4..94479e9ad7544c 100644 --- a/src/test/java/com/google/devtools/build/lib/remote/RemoteModuleTest.java +++ b/src/test/java/com/google/devtools/build/lib/remote/RemoteModuleTest.java @@ -15,7 +15,6 @@ import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth8.assertThat; -import static java.nio.charset.StandardCharsets.UTF_8; import static org.junit.Assert.assertThrows; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -38,7 +37,6 @@ import com.google.devtools.build.lib.analysis.config.CoreOptions; import com.google.devtools.build.lib.authandtls.AuthAndTLSOptions; import com.google.devtools.build.lib.authandtls.AuthAndTLSOptions.UnresolvedScopedCredentialHelper; -import com.google.devtools.build.lib.authandtls.BasicHttpAuthenticationEncoder; import com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperEnvironment; import com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperProvider; import com.google.devtools.build.lib.events.Reporter; @@ -77,7 +75,6 @@ import java.net.URI; import java.time.Duration; import java.util.ArrayList; -import java.util.List; import java.util.Map; import org.junit.Test; import org.junit.runner.RunWith; @@ -489,77 +486,6 @@ public void getCapabilities( } } - @Test - public void testNetrc_emptyEnv_shouldIgnore() throws Exception { - Map clientEnv = ImmutableMap.of(); - FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); - - Credentials credentials = RemoteModule.newCredentialsFromNetrc(clientEnv, fileSystem); - - assertThat(credentials).isNull(); - } - - @Test - public void testNetrc_netrcNotExist_shouldIgnore() throws Exception { - String home = "/home/foo"; - Map clientEnv = ImmutableMap.of("HOME", home); - FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); - - Credentials credentials = RemoteModule.newCredentialsFromNetrc(clientEnv, fileSystem); - - assertThat(credentials).isNull(); - } - - @Test - public void testNetrc_netrcExist_shouldUse() throws Exception { - String home = "/home/foo"; - Map clientEnv = ImmutableMap.of("HOME", home); - FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); - Scratch scratch = new Scratch(fileSystem); - scratch.file(home + "/.netrc", "machine foo.example.org login foouser password foopass"); - - Credentials credentials = RemoteModule.newCredentialsFromNetrc(clientEnv, fileSystem); - - assertThat(credentials).isNotNull(); - assertRequestMetadata( - credentials.getRequestMetadata(URI.create("https://foo.example.org")), - "foouser", - "foopass"); - } - - @Test - public void testNetrc_netrcFromNetrcEnvExist_shouldUse() throws Exception { - String home = "/home/foo"; - String netrc = "/.netrc"; - Map clientEnv = ImmutableMap.of("HOME", home, "NETRC", netrc); - FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); - Scratch scratch = new Scratch(fileSystem); - scratch.file(home + "/.netrc", "machine foo.example.org login foouser password foopass"); - scratch.file(netrc, "machine foo.example.org login baruser password barpass"); - - Credentials credentials = RemoteModule.newCredentialsFromNetrc(clientEnv, fileSystem); - - assertThat(credentials).isNotNull(); - assertRequestMetadata( - credentials.getRequestMetadata(URI.create("https://foo.example.org")), - "baruser", - "barpass"); - } - - @Test - public void testNetrc_netrcFromNetrcEnvNotExist_shouldIgnore() throws Exception { - String home = "/home/foo"; - String netrc = "/.netrc"; - Map clientEnv = ImmutableMap.of("HOME", home, "NETRC", netrc); - FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); - Scratch scratch = new Scratch(fileSystem); - scratch.file(home + "/.netrc", "machine foo.example.org login foouser password foopass"); - - Credentials credentials = RemoteModule.newCredentialsFromNetrc(clientEnv, fileSystem); - - assertThat(credentials).isNull(); - } - @Test public void testNetrc_netrcWithoutRemoteCache() throws Exception { String netrc = "/.netrc"; @@ -580,13 +506,6 @@ public void testNetrc_netrcWithoutRemoteCache() throws Exception { assertThat(credentials.getRequestMetadata(URI.create("https://bar.example.org"))).isEmpty(); } - private static void assertRequestMetadata( - Map> requestMetadata, String username, String password) { - assertThat(requestMetadata.keySet()).containsExactly("Authorization"); - assertThat(Iterables.getOnlyElement(requestMetadata.values())) - .containsExactly(BasicHttpAuthenticationEncoder.encode(username, password, UTF_8)); - } - @Test public void testCredentialHelperProvider() throws Exception { FileSystem fileSystem = new InMemoryFileSystem(DigestHashFunction.SHA256); diff --git a/src/test/java/com/google/devtools/build/lib/remote/RemoteServerCapabilitiesTest.java b/src/test/java/com/google/devtools/build/lib/remote/RemoteServerCapabilitiesTest.java index 33e4bcf346dd84..42b47afed197bb 100644 --- a/src/test/java/com/google/devtools/build/lib/remote/RemoteServerCapabilitiesTest.java +++ b/src/test/java/com/google/devtools/build/lib/remote/RemoteServerCapabilitiesTest.java @@ -224,7 +224,7 @@ public int maxConcurrency() { } }); CallCredentials creds = - GoogleAuthUtils.newCallCredentials(Options.getDefaults(AuthAndTLSOptions.class)); + GoogleAuthUtils.newCallCredentialsForTesting(Options.getDefaults(AuthAndTLSOptions.class)); RemoteServerCapabilities client = new RemoteServerCapabilities("instance", channel.retain(), creds, 3, retrier); diff --git a/src/test/java/com/google/devtools/build/lib/remote/downloader/BUILD b/src/test/java/com/google/devtools/build/lib/remote/downloader/BUILD index f17cff830398d3..b4b82145b36721 100644 --- a/src/test/java/com/google/devtools/build/lib/remote/downloader/BUILD +++ b/src/test/java/com/google/devtools/build/lib/remote/downloader/BUILD @@ -25,7 +25,8 @@ java_library( "//src/main/java/com/google/devtools/build/lib/bazel/repository/cache", "//src/main/java/com/google/devtools/build/lib/bazel/repository/downloader", "//src/main/java/com/google/devtools/build/lib/events", - "//src/main/java/com/google/devtools/build/lib/remote", + "//src/main/java/com/google/devtools/build/lib/remote:ReferenceCountedChannel", + "//src/main/java/com/google/devtools/build/lib/remote:Retrier", "//src/main/java/com/google/devtools/build/lib/remote/common", "//src/main/java/com/google/devtools/build/lib/remote/downloader", "//src/main/java/com/google/devtools/build/lib/remote/grpc",